Discovery of an OpenID session at an OP

Peter Watkins peterw at tux.org
Thu Dec 17 16:57:14 UTC 2009


On Thu, Dec 17, 2009 at 08:19:01AM -0800, John Panzer wrote:

> The question is how much of an actual additional phishing risk this
> type of information leak is.

I think unexpected and unintended information leaks are always bad.
Phishing is just one current (mis)use of leaked information, and I'm
sure that in the future we'll see other (mis)uses that have not yet
been imagined or articulated.

> The browsers have accidentally conducted
> an experiment for us. The result so far appears to indicate that this
> information provides little additional benefit to phishers as they
> haven't used it for known successful attacks. Additional data most
> welcomed.

As I think Breno said, we don't want to throw the usability out with
the privacy bathwater, but it bothers me how your recent messages 
seem to downplay the importance of privacy protection. Maybe I'm just
misreading again.

Anyway, I'd prefer that we not have abstract arguments about the 
merits of privacy protection. Clearly some users value "privacy."
Clearly the spec could provide mechanisms that empower users (and OPs)
to provide privacy protections. Clearly too many MUST clauses and
complex mechanisms will hamper development and acceptance by those
who have to build and run systems. 

So let's talk about concrete proposals, eh? I made a proposal a couple
days ago that nobody responded to -- perhaps the In-Reply-To header
buried it too deep in the long-running thread, so I'll re-post. Perhaps
we can devise something that seems to appease privacy concerns without
overburdening implementors.

-Peter
